立即与支持人员聊天
与支持团队交流

Migration Manager for Exchange 8.15 - Source Exchange 2019 Environment Preparation

Source Exchange 2019 Environment Preparation
Preparation Overview Checking System Requirements Setting Up Accounts and Required Permissions Preparing the Source Exchange Environment for Exchange Migration Setting Up Connection with the Target Exchange Organization Using SMTP Connectors

Setting Up the Source Active Directory Synchronization Account

This section describes how to set the required permissions for the Source Active Directory Synchronization Account. This account is used by the Directory Synchronization Agent (DSA) to access the source Active Directory domain

The required privilege level for the Source Active Directory Synchronization Account is membership in the Domain Admins group of the source domain.

Caution: If for some reason you cannot grant such privileges to the Source Active Directory Synchronization Account, then refer to the System Requirements and Access Rights document for the list of minimal required permissions.

To grant the necessary permission to the Source Active Directory Synchronization Account, perform the following:

  1. On the source domain controller in the Active Directory Users and Computers snap-in, click Users, then in the right pane right-click Domain Admins and click Properties.
  2. Go to the Members tab, click Add and select the Source Active Directory Synchronization Account.
  3. Close the dialog boxes by clicking OK.

Setting Up the Source Exchange Account

This section describes how to set the required permissions for the Source Exchange Account used by Migration Manager for Exchange agents. This account is used for the following:

  • Working with source Exchange mailboxes and public folders (used by Migration Agent for Exchange, Public Folder Source Agent and Public Folder Target Agent)
  • Moving mailboxes
Mailbox and Calendar Synchronizations

The following permissions are required for source Exchange account used by Migration Agent for Exchange during mailbox or calendar synchronization:

  • Read access to the source domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects)
  • The ApplicationImpersonation management role
  • The Move Mailboxes management role

  • The Mail Recipients management role

TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the source Exchange organization using the Add Source Organization Wizard under this account.

To set up the Source Exchange Account, perform the steps described in the related subtopics.

NOTE: Note that the steps are given only as an example of a possible Source Exchange Account setup.

Public Folder Synchronization

The following permissions are required for source Exchange account used by PFSA and PFTA during public folder synchronization:

  • Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • The Mail Enabled Public Folders management role
  • Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside.
  • Permission to log on to public folder administrator mailbox by granting Full Control on it.

Note: Exchange account used for public folder synchronization must be mailbox-enabled to be able obtaining source public folder hierarchy.

To set up the Source Exchange Account, perform the steps described in the related subtopics.

NOTE: Note that the steps are given only as an example of a possible Source Exchange Account setup.

Changing the Default Exchange Account

Changing Default Exchange Account

To go on using the default Exchange Account for Exchange migration, grant the permissions required for Exchange migration to this account (see the next steps).

Granting Read Access to Active Directory Domain

To grant this permission to an account, complete the following steps:

  1. In the Active Directory Users and Computers snap-in, right-click the domain name, and then click Properties.
  2. On the Security tab, click Add and select the account.
  3. Select the account, and then check the Allow box for the Read permission in the Permissions box.
  4. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit.
  5. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list.
  6. Close the dialog boxes by clicking OK.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级